INTELLIGENCE BRIEFING: 20.250.145.94
---
EXECUTIVE SUMMARY
IP 20.250.145.94 is classified as Microsoft Azure cloud infrastructure (AS8075, 20.192.0.0/10) with a moderate risk score of 50. Current threat indicators show no active malicious activity, but historical observations reveal prior threat associations and DNSBL listings. The /24 subnet remains clean with zero abuse density.
---
OWNERSHIP & INFRASTRUCTURE
- Organization: Microsoft Corporation (AS8075)
- Network Range: 20.192.0.0/10
- Infrastructure Type: CloudCompute (Microsoft Azure)
- Geolocation: United States (Zurich region)
- Classification: Cloud Hosting with No Active Services (Firewalled)
---
RISK ASSESSMENT
- Current Risk Score: 50 (Moderate Risk)
- Operator Score: 0.1304 (Minimal)
- Abuse Confidence: Not elevated
- Known Attacker Status: No
- Tor Exit Node: No
---
THREAT INDICATORS
- Active Threat Indicators: None
- Blacklist Count: 0 (current)
- Threat Feeds: Empty
- Known Campaigns: None identified
- DNSBL Listings: 2 current, 8 total historical
---
OBSERVATION HISTORY (17 Signals)
Historical observations indicate temporal variability in threat association:
- June 16, 2026: DNSBL listing observed with "high" severity classification
- June 21, 2026: Threat indicators present with Pulse name associations (22 pulses detected)
- Cloud Infrastructure Classification: Consistently identified as Microsoft Azure throughout observation window
- Infrastructure Persistence: No ownership changes recorded
---
NETWORK NEIGHBORHOOD ANALYSIS
- Subnet: 20.250.145.94/24
- Abuse Density: 0.00 (Clean)
- Active Siblings: 0
- Threat Siblings: 0
- Neighboring IP Risk Distribution: High: 0, Medium: 0, Low: 0
---
RELATIONSHIP GRAPH
- Total Relationships: 11
- Network Associations: All 11 relationships map to MSFT (Microsoft) network identifiers
- No External Associations: No links to non-Microsoft entities, hostnames, or certificates
---
SECURITY RECOMMENDATIONS
Based on risk profile and historical threat associations, the following actions are recommended:
Immediate Mitigation:
- `iptables -A INPUT -s 20.250.145.94 -j DROP`
- `nft add rule inet filter input ip saddr 20.250.145.94 drop`
- nginx: `deny 20.250.145.94;`
- Cloudflare WAF: Block with expression `ip.src eq 20.250.145.94`
- AWS WAF: Add 20.250.145.94/32 to block list
Assessment Note: While this IP resolves to Microsoft Azure infrastructure, historical threat associations and current risk score of 50 warrant defensive blocking. The clean neighborhood classification suggests this risk is isolated to this specific endpoint rather than a broader organizational issue.
---
INTELLIGENCE NOTES
- Risk score elevation likely stems from historical DNSBL listings and Pulse threat feed associations
- Current operational status shows no active malicious indicators
- Microsoft Azure infrastructure may be repurposed for attack infrastructure; maintain defensive posture
- Monitor for changes in geolocation or infrastructure type that could indicate infrastructure migration
Generated: 2026-06-21
Classification: Defensive Security Intelligence
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Microsoft Corporation |
| ASN | AS8075 |
| Network Name | MSFT |
| CIDR Block | 20.192.0.0/10 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No - PTR hostname does not resolve back to this IP (weak signal) |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Multi-Service Host |
| Network Tier | Hosting - Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 22 | ssh | tcp | |

| Closed Ports | 25, 443, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | Apache/2.4.58 (Ubuntu) |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.16 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 35% | 2 | 3 |
| routing | 8% | 1 | 1 |
| services | 8% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 16% | 1 | 2 |
| geolocation | 19% | 2 | 2 |
| Overall | 19% | 9 | 12 |
| Data Coherence | Mostly Consistent (80%) - 1 contradiction(s) |
| Attribution | Low (35%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-27 13:17:21 UTC |
| Last Seen | 2026-06-29 04:18:38 UTC |
| Profile Built | 2026-06-29 04:38:31 UTC |
| Data Freshness | Live |
| Signal Types | 20 |
| Total Observations | 35 |